One of the core values of LÜMICO is the responsibility and respect of an individual. LÜMICO OÜ is responsible to make sure that all the personal data of an individual is processed in an effective manner with the applicable data protection legislation in mind.

Any information, related directly or indirectly with a living person is termed as personal data. At LÜMICO OÜ, there are certain activities that require the collection of personal data. The collected data may include given name and surnames, addresses, postal codes, telephone numbers, personal IDs, e-mail addresses etc., hence referred to as “Personal Data”.

You as a customers’ representative or a customer yourself, are provided with the service and is given information about our services & products as well as upcoming events

You as a potential customer or a potential customer’s representative receives information from LÜMICO OÜ

During your employment at LÜMICO OÜ

You applied at LÜMICO OÜ for a job position

During your time of employment at LÜMICO OÜ

Once engaging with us on social media

LÜMICO OÜ and you are in contact to take part in promotions, competitions and surveys.

Fulfil and follow up contractual obligations

Fulfil legal obligations.

Why do we process your data?

What categories of personal data do we collect?

Legal ground

To deliver the content on our website in a correct way To fully optimize the content of our website along with its advertisements

Type of browser

IP addresses

The internet service provider

Sub-websites

Operating system

What time and date you visited the website

URL of the referring site

Any other similar information and/or data that might be used in order to attack our information technology systems

Legitimate interest

To fulfil and follow up contractual obligations, yours as well as ours

Contact information such as your email address and name

Organizational data which includes company name, its address, country and the contact number

If you happen to be a sole trader, we process financial data as well such as bank accounts, credit ratings and payments as well as contractual related data which is inclusive of order number, contract number and invoices

The process to communicate effectively with the applicant and review the application

Until the job position has been appointed; Fulfilment of the agreement. After the job position has been appointed; Legitimate interest. Once the recruitment has been finalized, the collected personal data is filed in order to be used a for potential appeal of recruitment such as, for example, based upon the breaches of discrimination legislation. In the case when it is no longer possible to appeal the recruitment, the information is lost and destroyed if the concerned candidate did not consent to any further processing

Having the ability to control your personal data, we may assign the processing stated above to a supplier or a partner as set out in the section “Third party components”. Such processing will not be proceeded in any other purpose as to that stated above. Some suppliers and partners might have parts of their business in countries located outside EEA/EU (also referred to as Third countries). Any of your personal data is only given to such countries only if their standard of data protection is at a level to that of the EU countries or if the supplier has an enforceable instrument and legal bindings which guarantees the safety of your personal data.

Point out against the processing of your certain personal data and request your personal data processing to be limited.

Have your personal data transferred over to a different controller

Withdraw your consent to the protection of your personal data

In any case, if you are not 100% satisfied with our processing of your personal data, you may report our process to the Estonian Data Protection Authority, the authority in charge of supervising us. You may at any given time through the contact information below, info@lumico.ee obtain, erase or limit the processing of your collected personal data. However, please note that limiting your personal data or erasing from our servers may disable the company to provide you with the service.

Lümico has made use of effective organizational and technical measure in order to protect personal data against unauthorized access, abuse, loss, alternation, revealing and destruction. In order to make sure that the collected personal data is processed in a secure and confidential fashion, we ensure that the obligations set out under Article 32-36 of the GDPR are met. A detailed description of the applied security measure can be generated upon request. LÜMICO OÜ’s suppliers and employees are bound by confidentiality agreements and are obliged to follow the companies’ rules for IT security and information, this privacy policy, as well as other, policies and internal rules that regulate the processing of personal data.

LÜMICO OÜ websites use cookies. Via the use of cookies, LÜMICO OÜ has the ability to provide its website users better user-friendly services that would not possible without the effective use of cookies. If you wish to deactivate the setting of cookies in your web browser, you may have limit functionality on the website.LÜMICO OÜ websites use cookies. Via the use of cookies, LÜMICO OÜ has the ability to provide its website users better user-friendly services that would not possible without the effective use of cookies. If you wish to deactivate the setting of cookies in your web browser, you may have limit functionality on the website.

On this website, the controller has put in components of Facebook. The data protection guideline published by Facebook can be accessed at https://facebook.com/about/privacy/. It provides the essential information on the collection, processing and use of your personal data by Facebook.

Google Analytics

On this website, LÜMICO OÜ has integrated the components of Google Analytics (along with the anonymizer function). Google analytics is a web analytics service. For the website analytics via the Google Analytics, the controller makes use of the application “_gat. _anonymizelp”. Via this application, the IP address of your internet shortened by Google and anonymised when accessing our website from a Contraction State to the Agreement on the European Economic Area or Member State of European Union. Further information over the applicable data protection provisions of Google can be accessed under http://www.google.com/analytics/terms/us.html and https://www.google.com/intl/en/policies/privacy/. You have the full right and responsibility to object over the collection of the generated data by the Google Analytics which is in relation to our website, as well as the processing of data via Google and have the possibility to prevent any such use. In order to do so, you have to download and install an add-on for your browser under https://tools.google.com/dlpage/gaoptout.

Google +

On this website, the company has put in the Google+ button as a component. Via this button, Google receives the information that you have visited over our website if you are logged into your Google+ account during the time of call-up. This takes place regardless of whether you click or don’t click the Google+ button. More information on this can be found at https://developers.google.com/+/.

Instagram

On this website, the company has put in the components for Instagram as well. Instagram will receive the information through the Instagram component that you have visited our website given that you are logged into Instagram at the time of visiting our website. This will take place regardless the user has clicked the Instagram button or not. More information on this can be found at https://www.instagram.com/about/legal/privacy/ and https://help.instagram.com/155833707900388.

LinkedIn

This website also has an integrated LinkedIn component. LinkedIn receives information through the LinkedIn component that you have visited our website, provided that at the time of visiting our website, you were logged into your LinkedIn account. This occurs regardless you have to click the LinkedIn button or not. The applicable privacy policy can be accessed at https://www.linkedin.com/legal/privacy-policy. The cookie policy for LinkedIn can be found at https://www.linkedin.com/legal/cookie-policy.

Twitter

The company has an integrated component for Twitter. Twitter will receive your information that you have visited our website provided that you were logged into your twitter account at the time you visited our website. This will take place regardless of the fact that you have clicked the Twitter button or not. The applicable data protection provisions of Twitter can be read at https://twitter.com/privacy?lang=en.

YouTube

On this website, the company has a building component for YouTube. Both Google and YouTube will receive you the information via the YouTube component that you made a visit to our website. However, this will occur automatically if you are logged into your youtube once you visited our website. In order to access YouTube’s data protection provisions, please go to https://www.google.com/intl/en/policies/privacy/.

The company amends the right to this mentioned privacy policy as the company sees it fit The date for the latest amendments is mentioned at the end of this privacy policy. Therefore, you are recommended to read this policy on regular basis in order to update yourself from time to time. If this privacy policy is altered to a great degree as to when your company obtained the consent, the company will make sure to inform you of these changes in its privacy policy. In certain cases, you may obtain new consent to the processing of your personal data.The company amends the right to this mentioned privacy policy as the company sees it fit The date for the latest amendments is mentioned at the end of this privacy policy. Therefore, you are recommended to read this policy on regular basis in order to update yourself from time to time. If this privacy policy is altered to a great degree as to when your company obtained the consent, the company will make sure to inform you of these changes in its privacy policy. In certain cases, you may obtain new consent to the processing of your personal data.

Data controller – the entity that regulates the conditions, purposes and means of the personal data processing.

Data Subject – a natural person whose personal data is being processed by a processor or a controller.

Data Processor – the entity that regulates data on behalf of the data controller

Data Protection Officer – an expert in the field of data privacy who independently works in order to make sure that an entity is following the procedures and policies set by the GDPR (more info on this can be found here)

Processing – any operation performed on the personal data of the person, whether it is automated or not. Processing includes collection, recording, use etc.

Personal Data – Any information related to a person or ‘Data Subject’, that can be used to indirectly or directly identify the person.

Right to be forgotten – also termed as Data Erasure, it binds the data subject to have the data controller remove his or her data off the database, stop further distribution of the data as well as potentially make the third parties stop processing the data subjects’ data

Right to access – also termed as the subject access right, it allows the data subject to access the data and information that is accessible to the controller

Subject Access Right – also termed as Right to Access, it allows the data subject to access the data and information that is accessible to the controller